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A churn-resistant peer-to-peer web caching system | 
Prakash Linga, Indranil Gupta, Ken Birman 

October 2003 Proceedings of the 2003 ACM workshop on Survivable and self- 
regenerative systems: in association with 10th ACM Conference on 
Computer and Communications Security SSRS '03 

Publisher: ACM Press 

Full text available: fij pdf(1 ,07 MB ) Additional Information: ful l citation , abstract, references 

Denial of service attacks on peer-to-peer (p2p) systems can arise from sources otherwise 
considered non-malicious. We focus on one such commonly prevalent source, called 
"churn". Churn arises from continued and rapid arrival and failure (or departure) of a 
large number of participants in the system, and traces from deployments have shown that 
it can lead to extremely stressful networking conditions. It has the potential to increase 
host loads and block a large fraction of normal insert and lo ... 

Session 7: Squirrel: a decentralized peer-to-peer web cache j 
Sitaram Iyer, Antony Rowstron, Peter Druschel 

July 2002 Proceedings of the twenty-first annual symposium on Principles of 
distributed computing PODC f 02 

Publisher: ACM Press 

Full text available: ffl pdf(1,22 MB) Additional Information: full cit atio n, abstra ct, references, citings 

This paper presents a decentralized, peer-to-peer web cache called Squirrel. The key idea 
is to enable web browsers on desktop machines to share their local caches, to form an 
efficient and scalable web cache, without the need for dedicated hardware and the 
associated administrative cost. We propose and evaluate decentralized web caching 
algorithms for Squirrel, and discover that it exhibits performance comparable to a 
centralized web cache in terms of hit ratio, bandwidth usage and latency. It ... 

Astrolabe: A robus t and sc a lable t echnolo g y for distr i buted s ystem mo nitor i ng, 
management a nd data minin g 

Robbert Van Renesse, Kenneth P. Birman, Werner Vogels 

May 2003 ACM Transactions on Computer Systems (TOCS), volume 21 issue 2 
Publisher: ACM Press 

Additional Information: full citation , abstract , references , citings, index 
terms 



Full text available: g|pdf( 341.62 KB) 



Scalable management and self-organizational capabilities are emerging as central 
requirements for a generation of large-scale, highly dynamic, distributed applications. We 
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have developed an entirely new distributed information management system called 
Astrolabe. Astrolabe collects large-scale system state, permitting rapid updates and 
providing on-the-fly attribute aggregation. This latter capability permits an application to 
locate a resource, and also offers a scalable way to track sys ... 

Keywords: Aggregation, epidemic protocols, failure detection, gossip, membership, 
publish-subscribe, scalability 



4 DOS pr otection : Us i n g graph i c turin g tests to c oun ter au t oma ted DD o S a ttacks Q 
<§> against web servers 

^ William G. Morein, Angelos Stavrou, Debra L. Cook, Angelos D. Keromytis, Vishal Misra, Dan 
Rubenstein 

October 2003 Proceedings of the 10th ACM conference on Computer and 
communications security CCS '03 

Publisher: ACM Press 

_ Ml , , u . « , r/oceM , m Additional Information: full citation , abstract , references , citing s, index 

Full text available: TSJ ^(256^83 KB) ; 

""" ™" " terms 

We present WebSOS, a novel overlay-based architecture that provides guaranteed access 
to a web server that is targeted by a denial of service (DoS) attack. Our approach exploits 
two key characteristics of the web environment: its design around a human-centric 
interface, and the extensibility inherent in many browsers through downloadable 
"applets." We guarantee access to a web server for a large number of previously unknown 
users, without requiring pre-existing trust relationships between ... 

Keywords: Java, graphic turing tests, web proxies 



5 Web-conscious storage management for web proxies 

Evangelos P. Markatos, Dionisios N. Pnevmatikatos, Michail D. Flouris, Manolis G. H. 
Katevenis 

December 2002 IEEE/ ACM Transactions on Networking (TON), volume 10 issue 6 
Publisher: IEEE Press 

r- a* , Ul a , f/CAO(H1/m Additional Information: full citation, abstract, references, citings, index 

Full text available: 151 pdf(603 1 1 KB) ; 

terms 

Many proxy servers are limited by their file I/O needs. Even when a proxy is configured 
with sufficient I/O hardware, the file system software often fails to provide the available 
bandwidth to the proxy processes. Although specialized file systems may offer a 
significant improvement and overcome these limitations, we believe that user-level disk 
management on top of industry-standard file systems can offer similar performance 
advantages. In this paper, we study the overheads associated with file ... 

Keywords: secondary storage, web caching, web performance, web proxies 



6 Rethinkin g the d e sign of t he I n ter n et : t he en d - toend arguments vs. the brave new Q 
worl d 

Marjory S. Blumenthal, David D. Clark 

August 2001 ACM Transactions on Internet Technology (TOIT), volume l issue i 
Publisher: ACM Press 

,_ „ . . _ 7COO Additional Information: full citation , abstract, references , citings, index 
Full text available: ^jpdfd 76,33 KB) 

This article looks at the Internet and the changing set of requirements for the Internet as 
it becomes more commercial, more oriented toward the consumer, and used for a wider 
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set of purposes. We discuss a set of principles that have guided the design of the 
Internet, called the end-to-end arguments, and we conclude that there is a risk that the 
range of new requirements now emerging could have the consequence of compromising 
the Internet's original design principles. Were ... 

Keywords: ISP, Internet, end-to-end argument 



Content-tri gg ered trust ne g otiation 

Adam Hess, Jason Holt, Jared Jacobson, Kent E. Seamons 

August 2004 ACM Transactions on Information and System Security (TISSEC), volume l 

Issue 3 
Publisher: ACM Press 

t- h * * , M a , f/£HCOC1/m Additional Information: full citation, abstract, reference 
Full text available: ^jpdf(815.36 KB) terms — 

■ The focus of access control in client/server environments is on protecting sensitive server 
resources by determining whether or not a client is authorized to access those resources. 
The set of resources is usually static, and an access control policy associated with each 
resource specifies who is authorized to access the resource. In this article, we turn the 
traditional client/server access control model on its head and address how to protect the 
sensitive content that clients disclose to and r ... 

Keywords: Trust negotiation, access control, authentication, credentials 



Survey of network-based defense mechanisms countering the DoS and DDoS Q 
pr oble ms 

Tao Peng, Christopher Leckie, Kotagiri Ramamohanarao 

April 2007 ACM Computing Surveys (CSUR), volume 39 issue l 

Publisher: ACM Press 

Full text available: ^ pdf(1.17 MB) Additional Information: full citation, abstract , references index terms 

This article presents a survey of denial of service attacks and the methods that have been 
proposed for defense against these attacks. In this survey, we analyze the design 
decisions in the Internet that have created the potential for denial of service attacks. We 
review the state-of-art mechanisms for defending against denial of service attacks, 
compare the strengths and weaknesses of each proposal, and discuss potential 
countermeasures against each defense mechanism. We conclude by highligh ... 

Keywords: Botnet, DDoS, DNS reflector attack, DoS, IP spoofing, IP traceback, IRC, 
Internet security, SYN flood, VoIP security, bandwidth attack, resource management 



9 Securit y: LIGER: implementin g efficient hybrid security mec ha nism s for Q 
hetero g eneous sensor networks 

Patrick Traynor, Raju Kumar, Hussain Bin Saad, Guohong Cao, Thomas La Porta 
June 2006 Proceedings of the 4th international conference on Mobile systems, 

applications and services MobiSys 2006 
Publisher: ACM Press 

Full text available: ^ pdf( 592 .00 KB ) Additional Information: full citation, abstract, references, IndeMerms 

The majority of security schemes available for sensor networks assume deployment in 
areas without access to a wired infrastructure. More specifically, nodes in these networks 
are unable to leverage key distribution centers (KDCs) to assist them with key 
management. In networks with a heterogeneous mix of nodes, however, it is not 
unrealistic to assume that some more powerful nodes have at least intermittent contact 
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with a backbone network. For instance, an air-deployed battlefield network may ha ... 

Keywords: heterogeneous sensor networks, hybrid network security, probabilistic 
authentication, probabilistic key management 

10 The a r chi tec ture o f robus t publishing systems H 
^fey Marc Waldman, Aviel D. Rubin, Lorrie Faith Cranor 

November 2001 ACM Transactions on Internet Technology (TOIT), volume l issue 2 

Publisher: ACM Press 

Full text available: § pdf(680.21 KB) Additional Information: full cita ti on, abst rac t, references, index„tejins 

The Internet in its present form does not protect content from censorship. It is 
straightforward to trace any document back to a specific Web server, and usually directly 
to an individual. As we discuss below, there are valid reasons for publishing a document in 
a censorship-resistant manner. Unfortunately, few tools exist that facilitate this form of 
publishing. We describe the architecture of robust systems for publishing content on the 
Web. The discussion is in the context of Publius, as that ... 

Keywords: Censorship resistance, Web publishing 



11 Features: Instant Messa ging or Instant Headache? 
John Stone, Sarah Merrion 
April 2004 Queue volume 2 issue 2 

Publisher: ACM Press 

Full text available:® M(^« Addjtjona| lnformatlon: fu „ citation, index terms 
jgrj html(33.74 KB) 



12 Diag nosis of TCP overlay connection fa il ures usin g baves ia n netwo rks 
/£v George J. Lee, Lindsey Poole 

V September 2006 Proceedings of the 2006 SIGCOMM workshop on Mining network data 
MineNet '06 

Publisher: ACM Press 

Full text available: ^f) pdf(102.17 KB) Additional Information: full citation , abstract , references , index terms 

When failures occur in Internet overlay connections today, it is difficult for users to 
determine the root cause of failure. An overlay connection may require TCP connections 
between a series of overlay nodes to succeed, but accurately determining which of these 
connections has failed is difficult for users without access to the internal workings of the 
overlay. Diagnosis using active probing is costly and may be inaccurate if probe packets 
are filtered or blocked. To address this problem, we de ... 

Keywords: TCP overlay path diagnosis, bayesian networks, fault diagnosis, passive 
diagnosis, planetseer 



1 3 Digital village" Res p onsib l e web cac h i ng H 
Hal Berghel 

September 2002 Communications of the ACM, volume 45 issue 9 
Publisher: ACM Press 

Full text available: p,pj?f( 1 44.05 KB ), Addjtjona , , nformation: fu „ citation, abstract, index terms 
[g] html(40.45 KB) 
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Putting the distribution control of the Web's intellectual content in the hands of those who 
created it. 

14 Workshop on compositional software architectures: workshop report 
/j|v May 1998 ACM SIGSOFT Software Engineering Notes, volume 23 issue 3 
^ Publisher: ACM Press 

Full text available: ffl pdf(2.91 MB) Additional Information: full citation, index terms 



15 Applications and architecture: SHOCK: comm u nicati n g with computatjonaUaess^es Q 

and automatic private profiles 
^ Rajan M. Lukose, Eytan Adar, Joshua R. Tyler, Caesar Sengupta 

May 2003 Proceedings of the 12th international conference on World Wide Web 

WWW '03 
Publisher: ACM Press 

Full text available: || pdf(693.99 KB) Additional Information: full citation, abstract, references, MeMeLms 

A computationally enhanced message contains some embedded programmatic 
components that are interpreted and executed automatically upon receipt. Unlike ordinary 
text email or instant messages, they make possible a number of useful applications. In 
this paper, we describe a general and flexible messaging system called SHOCK that 
extends the functionality of prior computational email systems by allowing XML-encoded . 
SHOCK messages to interact with an automatically created profile of a user. These pr ... 

Keywords: collaborative systems, networking and distributed web applications, privacy 
and preferences 



16 Building an intranet in the labora t or y H 
Bruce P. Tis 

April 2000 Journal of Computing Sciences in Colleges , Proceedings of the fifth 
annual CCSC northeastern conference on The journal of computing in 
small colleges CCSC '00, volume 15 issue 5 

Publisher: Consortium for Computing Sciences in Colleges 

Full text available: ^| pdf( 38.58 KB) Additional Information: full citation, references, citings, LQdM.terms 



1 7 Current research tr e nds in interne t s ervers 
K. Kant, Prasant Mohapatra 

September 2001 ACM SIGMETRICS Performance Evaluation Review, volume 29 issue 2 
Publisher: ACM Press 

Full text available: pdf(366.76 KB) Additional Information: full citation, references 



1 8 Pedagogy: Th e e ff ect of a university inform a t ion secu rity su rv ey on instruction Q 
methods in information security 
Frank H. Katz 

September 2005 Proceedings of the 2nd annual conference on Information security 
curriculum development InfoSecCD '05 

Publisher: ACM Press 

Full text available: ^ pdf(90.57 KB) Additional Information: full citation, abstract, references mde^terms 
This paper reports on the need for Information Security Awareness educational programs 
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to supplement teaching in Information Security. The need for such a program is 
demonstrated by findings resulting from a survey of university faculty and staff at 
Armstrong Atlantic State University conducted from February through April 2005 
regarding the information security behaviors of such employees. 

Keywords: curriculum development, curriculum instruction, information assurance, 
information assurance curriculum, information security, information security curriculum 



19 Internet intrusions: g lobal characteristics and prevalence 
A Vinod Yegneswaran, Paul Barford, Johannes Ullrich 

V June 2003 ACM SIGMETRICS Performance Evaluation Review , Proceedings of the 
2003 ACM SIGMETRICS international conference on Measurement and 
modeling of computer systems SIGMETRICS '03, volume 31 issue l 
Publisher: ACM Press 

c ii * ^ i ui «n ^/cnn aa \,n\ Additional Information: full citation, abstract , references, citings, index 

Full text available: Tm pdf(699.44 KB) 

terms 

Network intrusions have been a fact of life in the Internet for many years. However, as is 
the case with many other types of Internet-wide phenomena, gaining insight into the 
global characteristics of intrusions is challenging. In this paper we address this problem 
by systematically analyzing a set of firewall logs collected over four months from over 
1600 different networks world wide. The first part of our study is a general analysis 
focused on the issues of distribution, categorization ... 

Keywords: internet performance and monitoring, network security, wide area 
measurement 



20 On Inferring A p plication Protocol Behaviors in Encrypted Network Traffic jjji 
Charles V. Wright, Fabian Monrose, Gerald M. Masson 
December 2006 The Journal of Machine Learning Research, volume i 

Publisher: MIT Press 

Full text available: ^| pdf( 3Q9.38 KB ) Additional Information: full citation, abstract 

Several fundamental security mechanisms for restricting access to network resources rely 
on the ability of a reference monitor to inspect the contents of traffic as it traverses the 
network. However, with the increasing popularity of cryptographic protocols, the 
traditional means of inspecting packet contents to enforce security policies is no longer a 
viable approach as message contents are concealed by encryption. In this paper, we 
investigate the extent to which common application protocol ... 
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